Drift Protocol loses $270M as Solana durable nonce enables pre-signed multi-sig withdrawals

Drift Protocol suffered a $270M loss after attackers exploited Solana durable nonce to execute pre-signed multi-sig withdrawals weeks after approvals. The breach was not a classic code bug or private-key theft, but a governance workflow failure: a five-member security council required 2-of-5 approvals, yet attackers collected misleading signatures using durable nonce accounts. The attackers set up durable nonce accounts in late March and adapted after a March 27 council migration. A seemingly normal test withdrawal from Drift’s insurance fund triggered immediate broadcast of the already valid transactions. Funds were drained in two transactions and routed through multiple wallets, including Backpack as an identity-gated intermediary. Tracing shows the biggest loss in JPL ($155.6M), followed by USDC ($60.4M), CBBTC ($11.3M), and USDT ($5.65M), plus other assets. Analysts say $230M+ USDC moved to Ethereum via Circle’s CCTP. Criticism also targeted Circle for not freezing stolen funds within the first six hours. For traders, this incident raises near-term risk around Solana DeFi governance and multisig operations, and may pressure sentiment toward protocols with complex multisig + durable nonce security. Any follow-on freezes, recovery moves, or further disclosures can drive short-term volatility, especially in affected tokens.
Bearish
The exploit targets a core Solana DeFi security primitive (durable nonce) and shows that even 2-of-5 multisig can be bypassed via operational/social-engineering timing gaps. In the short term, this increases perceived smart-contract and governance risk for Drift-adjacent liquidity and for similarly designed multisig systems, which can reduce risk appetite and lead to sell pressure on affected assets (notably JPL and USDC-linked exposure). In the long term, traders may price in higher security and compliance costs, pushing conservative positioning until audits and governance redesigns provide clearer guarantees. Potential freeze/recovery actions (and any exchange/bridge responses) can create sharp intraday moves, but the initial impact is likely negative for tokens tied to the incident.